The Noxon Audio is a simple wireless music player. It implements the following
Noxon Audio quirks
There is no correspondence between the mute button on the remote and the (un)mute functionality that is offered through UPnP.
Audio spamming with the Noxon Audio
One of the SOAP actions implemented by the Noxon Audio is SetAVTransportURI, with which you can set the variable NextAVTransportURI, which is defined in the UPnP MediaRenderer/MediaServer 1.0 specifications as "AVTransportURI value to be played when the playback of the current
In the case of the Noxon Audio, as soon as you set it and force it to go to the next track, it will start playing from the new URI, even if this is a non-LAN URI. So you can force the device to play content that a user does not want to hear, such as audio spam or propaganda.
The requester does not even have to be on the local network. If some malware could first set up a port forward to the UPnP control port on the Noxon Audio (through UPnP, of course!), the attack can be almost completely remote.
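For monitoring, a check that can be run over SOAP request bodies captured on the way to a renderer's control port (added example, not code from the original page): it flags transport-URI actions whose media URI points outside the LAN. It assumes the argument names CurrentURI and NextURI from the AVTransport:1 service, treats any DNS hostname as non-LAN because it cannot be resolved offline, and uses a constructed sample request with a placeholder hostname.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SOAP_BODY = "{http://schemas.xmlsoap.org/soap/envelope/}Body"
# Action name -> argument that carries the media URI (AVTransport:1 names, assumed)
URI_ARGS = {"SetAVTransportURI": "CurrentURI", "SetNextAVTransportURI": "NextURI"}

# Constructed sample request; media.example.net is a placeholder host.
SAMPLE = """<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
 <s:Body>
  <u:SetAVTransportURI xmlns:u="urn:schemas-upnp-org:service:AVTransport:1">
   <InstanceID>0</InstanceID>
   <CurrentURI>http://media.example.net/stream.mp3</CurrentURI>
   <CurrentURIMetaData></CurrentURIMetaData>
  </u:SetAVTransportURI>
 </s:Body>
</s:Envelope>"""

def is_lan_host(host):
    """True only for IP literals in private (non-global), link-local or loopback ranges."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # DNS name: cannot be proven local offline, so it gets flagged
    return addr.is_private or addr.is_link_local or addr.is_loopback

def non_lan_transport_uris(soap_xml):
    """Return (action, uri) pairs whose media URI points outside the LAN."""
    if "<!DOCTYPE" in soap_xml or "<!ENTITY" in soap_xml:
        raise ValueError("DTD in SOAP request, refusing to parse")
    findings = []
    body = ET.fromstring(soap_xml).find(SOAP_BODY)
    for action in (body if body is not None else []):
        name = action.tag.rsplit("}", 1)[-1]  # strip the service namespace
        arg = URI_ARGS.get(name)
        if arg is None:
            continue  # not an action that sets a transport URI
        uri = (action.findtext(arg) or "").strip()
        host = urlparse(uri).hostname
        if host and not is_lan_host(host):
            findings.append((name, uri))
    return findings

if __name__ == "__main__":
    for action, uri in non_lan_transport_uris(SAMPLE):
        print(f"non-LAN media URI in {action}: {uri}")
```

The same check can be placed in a filtering proxy in front of the renderer, and a source address outside the LAN on any request to the control port is worth alerting on regardless of the URI.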